As for the phishing technique, a similar tactic of uploading a selfie while holding an ID card was seen in October 2016, when McAfee discovered a variant of the Acecard Android banking trojan. It too asked users to upload their selfies when logging into their mobile banking accounts.

How to stay safe

Beware of hyperlinks in emails. Generally only emails that are meant to reset your password or confirm an email address need you to click on hyperlinks.

Check the domain name in the URL browser correctly before entering any sensitive details. PayPal.com is the correct domain and everything else is likely a fake page.

If there is a time countdown not amounting to days but hours or minutes it is likely to be a phishing attempt.

Look out for generic greetings like 'Hello, PayPal member'. The company after its last phishing scam has said they only address users by their full names.

PayPal generally asks one or two security questions to authenticate and not all your details because it already has them stored.

In case you do receive such dodgy e-mails report them to spoof@paypal.co.uk or .com depending on your country, without changing the subject line or forwarding the message as an attachment. After sending it make sure to delete the email.